PT-2018-3892 · Cisco · Firepower 4100 Series Next-Generation Firewalls

Published 2018-06-20 · Updated 2023-04-20 · CVE-2018-0298

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco FXOS and Cisco UCS Fabric Interconnect Software (affected versions not specified)
Firepower 4100 Series Next-Generation Firewall (affected versions not specified)
Firepower 9300 Security Appliance (affected versions not specified)
UCS 6200 Series Fabric Interconnects (affected versions not specified)
UCS 6300 Series Fabric Interconnects (affected versions not specified)

Description

The issue is related to insufficient input validation in the web UI of the affected systems, which could allow a remote attacker to cause a buffer overflow by sending a malicious HTTP or HTTPS packet. This could result in a denial of service (DoS) condition on the affected system, causing the process to crash and possibly reload the device.

Recommendations

For Cisco FXOS and Cisco UCS Fabric Interconnect Software, restrict access to the web UI to minimize the risk of exploitation. For Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, and UCS 6300 Series Fabric Interconnects, consider disabling the web UI until a patch is available. Avoid using the physical management interface to send HTTP or HTTPS packets to the affected systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-02938
CVE-2018-0298

Affected Products

Cisco FXOS
Cisco UCS Fabric Interconnect
Firepower 4100 Series Next-Generation Firewalls
Firepower 9300 Security Appliance
UCS 6200 Series Fabric Interconnects
UCS 6300 Series Fabric Interconnects